Last week, CloudFlare focused on strengthening cryptographic connections to its global CDN. The company gave customers free access to new features: the TLS 1.3 protocol, Automatic HTTPS Rewrites (automatic switching from HTTP to HTTPS), and opportunistic encryption.
Currently, CloudFlare services are used by the owners of more than 2 million sites and services. The largest CDN provider advocates strong and affordable cryptography. It is enough to recall CloudFlare initiatives such as Universal SSL, the introduction of Keyless SSL, and the advanced ChaCha20-Poly1305 cipher suite.
TLS 1.3 is the latest version of the protocol that HTTPS services use to encrypt and authenticate connections. CloudFlare experts who took part in developing TLS 1.3 say that deploying it can improve not only the strength of protection but also page load speed, especially on mobile networks. TLS 1.3 reduces the number of messages required to establish a connection, and with the adoption of this standard each browser message will be passed to the CloudFlare server in just 50 ms.
As a result, "slow" sites, which usually take longer than 300 ms to load, will see a noticeable speed-up. According to CloudFlare, TLS 1.3 support is already implemented in the developer releases of Firefox and Chrome.
Automatic HTTPS Rewrites is designed to ease the move to full HTTPS for client sites that use so-called mixed content. Modern browsers try to protect the user from insecure HTTP scripts and images, blocking the former from loading and warning that the latter are insecure; for this reason, such sites often do not work.
Currently, resources served over HTTP are displayed to the user as "neutral", so operators of HTTPS sites with mixed content prefer to use HTTP rather than partial HTTPS. However, this is about to change: Google has announced that from next year Chrome will treat HTTP sites as untrustworthy. Mozilla is also working on moving its browser to HTTPS-only.
Enabling Automatic HTTPS Rewrites on a site, as Nick Sullivan explains on CloudFlare's blog, changes HTTP to HTTPS for all third-party resources and dynamically generated content that are, in principle, available over HTTPS, even if the page's source code dictates loading them over HTTP. The new feature will even be able to rewrite http:// links as https://, where possible.
To make the upgrade painless, CloudFlare relies on the EFF's HTTPS Everywhere list and on the HSTS support information that Chrome uses. Soon the company will also have its own list of HTTPS-enabled domains.
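The allowlist-driven rewrite described above can be sketched as follows. This is an added example, not CloudFlare's code: the `HTTPS_CAPABLE` table, the sample page and both function names are assumptions made up for illustration, with the table standing in for HTTPS Everywhere and HSTS data.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist standing in for HTTPS Everywhere / HSTS data.
# True means subdomains are covered too (in the spirit of includeSubDomains).
HTTPS_CAPABLE = {"cdn.example.com": False, "example.org": True}

# Constructed sample page with mixed content.
SAMPLE = (
    '<img src="http://cdn.example.com/a.png">'
    '<script src="http://legacy.example.net/x.js"></script>'
    "<a href='http://img.example.org/p?q=1'>x</a>"
    '<img src="http://cdn.example.com:8080/c.png">'
)

# Quoted src/href attributes holding an absolute http:// URL.
ATTR_RE = re.compile(
    r"""(?P<attr>\b(?:src|href)\s*=\s*)(?P<q>["'])(?P<url>http://[^"']*)(?P=q)""",
    re.IGNORECASE,
)

def host_supports_https(host, allowlist=HTTPS_CAPABLE):
    """True if host is listed, or a listed parent domain covers subdomains."""
    host = host.lower().rstrip(".")
    if host in allowlist:
        return True
    labels = host.split(".")
    # Walk parent domains, stopping before the bare top-level label.
    return any(allowlist.get(".".join(labels[i:])) for i in range(1, len(labels) - 1))

def rewrite_html(html, allowlist=HTTPS_CAPABLE):
    """Return (rewritten_html, urls_left_on_http)."""
    left_on_http = []

    def upgrade(match):
        url = match.group("url")
        try:
            parts = urlsplit(url)
            # An explicit port may not speak TLS, so only default-port URLs qualify.
            ok = (parts.port is None and bool(parts.hostname)
                  and host_supports_https(parts.hostname, allowlist))
        except ValueError:  # malformed authority or port: leave untouched
            ok = False
        if not ok:
            left_on_http.append(url)
            return match.group(0)
        return f'{match.group("attr")}{match.group("q")}https://{url[7:]}{match.group("q")}'

    return ATTR_RE.sub(upgrade, html), left_on_http
```

The second return value lists the URLs that stay on HTTP, which is the mixed content a site owner still has to fix at the origin.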